FortiGate Dialup site2site VPN basic setup

 




Lab: FortiGate 7.2.0

Spoke-to-spoke traffic is not considered in this lab.


Hub configuration

1. VPN



Add route is Enabled by default. It injects the Spoke subnets into the Hub routing table, which requires each Spoke to have a proper traffic selector configured.




Accept Types can be Any peer ID or, optionally, Specific peer ID.




Specify the Hub LAN subnets as the Local Address, and all zeros as the Remote Address so that it covers all spokes.


2. Firewall Policy




Spoke 1 Configuration

1. VPN





The Local Address needs to be configured so that the Hub can automatically inject a static route into its routing table.

2. Routing


3. Firewall Policy







Spoke2 has similar configuration.
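
A CLI sketch of the Hub and Spoke 1 VPN and routing steps above, added here as an example and not taken from the original lab. The tunnel names, the interface "wan1", every address, the IKE version, the proposals and the pre-shared key are assumptions or placeholders.

```fortios
# Constructed example: names, addresses and the PSK are placeholders.
# add-route enable plus the spoke's src-subnet gives the hub its route to 10.1.1.0/24.
# peertype any = "Any peer ID"; "Specific peer ID" is peertype one plus peerid.
# --- Hub ---
config vpn ipsec phase1-interface
    edit "hub-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype any
        set add-route enable
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-PLACEHOLDER>
    next
end
config vpn ipsec phase2-interface
    edit "hub-dialup-p2"
        set phase1name "hub-dialup"
        set proposal aes256-sha256
        set src-subnet 10.0.0.0 255.255.255.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
# --- Spoke 1 ---
config vpn ipsec phase1-interface
    edit "to-hub"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.1
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-PLACEHOLDER>
    next
end
config vpn ipsec phase2-interface
    edit "to-hub-p2"
        set phase1name "to-hub"
        set proposal aes256-sha256
        set src-subnet 10.1.1.0 255.255.255.0
        set dst-subnet 10.0.0.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 10.0.0.0 255.255.255.0
        set device "to-hub"
    next
end
```

Firewall policies between the tunnel interface and the LAN are still needed on both units, as listed in the steps above. With "Any peer ID" the pre-shared key is the only thing authenticating a spoke, and Add route installs whatever subnet that spoke's selector proposes.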


Verification

On Hub:























